Spring Boot 入门安全 3.1.1

问题描述 投票:0回答:0

我正在从 Spring 2.7 升级到 Spring 3.1.1,修复了所有 Javax 到 Jakarta 的问题,但现在我不知道如何修复我的“filterChain”和白名单以确保我的安全。找不到任何解决方案,因此需要一些帮助来理解我做错了什么或任何文档(在撰写此问题时,官方文档正在更新到新版本但尚未完成)。

这是我的代码:

import com.my-project.my-software.security.JwtRequestFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Class created to be the configuration for security on the system.
 *
 * @author Alfredo marin
 * @version ALPHA-0.0.1
 * @since 2023-02-17
 */

@Configuration
public class WebSecurityConfig implements WebMvcConfigurer {

    /**
     * JWT Filter Request instance.
     */
    private final JwtRequestFilter jwtFilterRequest;

    /**
     * List with whitelisted endpoints.
     */
    private static final String[] AUTH_WHITELIST = {
            // -- Swagger UI v2
            "/v2/api-docs",
            "/swagger-resources",
            "/swagger-resources/**",
            "/configuration/ui",
            "/configuration/security",
            "/swagger-ui.html",
            "/webjars/**",
            // -- Swagger UI v3 (OpenAPI)
            "/v3/api-docs/**",
            "/swagger-ui/**",
            // other public endpoints of your API may be appended to this array
            "/users/register",
            "/users/login"
    };

    /**
     * Constructor.
     *
     * @param jwtFilterRequest JWT Filter Request instance.
     */
    @Autowired
    public WebSecurityConfig(JwtRequestFilter jwtFilterRequest) {
        this.jwtFilterRequest = jwtFilterRequest;
    }

    @Override
    public void addCorsMappings(CorsRegistry registry) {
        registry.addMapping("/**").allowedMethods("*");
    }

    /**
     * Method that configure the HTTP Security of the application.
     *
     * @param http the {@link HttpSecurity} to modify
     * @throws Exception The API can encounter unknown bugs.
     */
    public void filterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(authorizeHttpRequests ->
                authorizeHttpRequests
                        .requestMatchers("/**").hasRole("USER")
        ).exceptionHandling(exceptionHandling ->
                exceptionHandling
                        .accessDeniedPage("/errors/access-denied")
        );
        http.addFilterBefore(jwtFilterRequest, 
                UsernamePasswordAuthenticationFilter.class);
    }
}

TL;DR:我无法使用 Spring Boot Starter Security 3.1.1 成功配置白名单路径 PS:“我的项目”和“我的软件”只是这个问题的占位符。

java spring spring-boot security spring-security
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.